Cisco Log 2 Graylog

Hello,
I have configured my Cisco Switch 3560 to send the log:

enable

conf t

(config)#service timestamps log datetime msec
(config)#service timestamps debug datetime msec
(config)#logging host 10.147.42.40
(config)#logging trap 5
(config)#logging
(config)#logging source-interface loopback 0
(config)#logging origin-id string switch01

How do I verify that the information got to the Graylog server, and how do I add it into the Graylog server?

Have you created an appropriate input for these log messages, e.g. a Syslog UDP or TCP input listening on the correct port?
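One way to check what the switch actually sends before it reaches a Graylog input, as an added example that is not part of the original thread: a small Python checker that parses an IOS syslog datagram and compares it with the settings in the question (`logging trap 5`, `logging origin-id string switch01`, `service timestamps log datetime msec`). The wire layout in the regex is an assumption, the function names `check_datagram` and `listen` are hypothetical, and the sample datagrams are constructed.

```python
import re
import socket

# Assumed layout of an IOS syslog datagram with the settings from the question:
# <PRI>seq: origin-id: [*|.]Mon DD HH:MM:SS.mmm: %FACILITY-SEV-MNEMONIC: text
IOS_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:(?P<seq>\d+): )?(?:(?P<origin>[^:\s]+): )?"
    r"(?P<clock>[*.])?(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d(?P<msec>\.\d{3})?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)

def check_datagram(data, expected_origin="switch01", trap_level=5):
    """Parse one datagram; return (fields, problems) against the page's config."""
    line = data.decode("utf-8", errors="replace").strip()
    m = IOS_RE.match(line)
    if m is None:
        return None, ["not in the assumed IOS syslog layout"]
    f = m.groupdict()
    sev = int(f["sev"])
    problems = []
    if int(f["pri"]) & 7 != sev:  # low 3 bits of PRI carry the severity
        problems.append("PRI severity differs from %FAC-SEV-MNEMONIC severity")
    if sev > trap_level:
        problems.append(f"severity {sev} should be filtered by 'logging trap {trap_level}'")
    if f["origin"] != expected_origin:
        problems.append(f"origin-id is {f['origin']!r}, expected {expected_origin!r}")
    if f["msec"] is None:
        problems.append("no milliseconds: 'service timestamps log datetime msec' not active")
    if f["clock"] == "*":
        problems.append("'*' prefix: switch clock is not authoritative (not set)")
    return f, problems

def listen(port, host="0.0.0.0"):
    """Print a verdict per datagram on a UDP port (use the port of your input)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        while True:
            data, (src, _) = s.recvfrom(4096)
            _, problems = check_datagram(data)
            print(src, problems or "OK", data[:120])

# Constructed sample datagrams (not captured from a real switch).
SAMPLES = [
    b"<189>41: switch01: Mar  1 18:46:11.123: %SYS-5-CONFIG_I: Configured from console by vty0",
    b"<187>42: switch01: *Mar  1 00:02:10.004: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    b"<190>43: sw-lab: Mar  1 18:47:00: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.147.42.40 started",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_datagram(raw)[1] or "OK")
```

If `listen()` prints nothing while the switch is generating events, the datagrams are not reaching the host at all, which points at routing, a firewall, or a port mismatch rather than at Graylog.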

There are 2 vehicles to collect Cisco IOS-based switch logs (can’t talk about CatOS - have none of those). One is via syslog and the other is via SNMP. The latter will require the SNMP plug-in for Graylog to be installed. I have found that syslog provides pretty useless data while SNMP is superior in terms of answering the questions you want answered, such as “what MAC addresses are associated with particular switchports, etc.”

In summary, for SNMP one needs a plug-in and, of course, to configure the traps that you want to be triggered on the Cisco side.
